The Tweak for LEX-128, LEX-192, LEX-256.
----------------------------------------
In order to avoid the slide attack by Wu and Preneel we need to break the similarity between the
IV setup and the encryption (stream generation) processes.
The current implementation uses the same function for resynchronization and for stream generation.
This function is a slightly tweaked AES, denoted AES', in which the last round is exactly the same as all
the others, i.e. ShiftRow and MixColumn after the S-boxes, and no XOR with the 15th subkey. Indeed,
while in AES the last round differs from the others, there is no need for such a difference
when generating a stream.
------------------------------------------------
The tweak:
Use the full AES to encrypt the IV, not AES'. I.e. in the last round drop the MixColumn and do XOR the last subkey.
No changes to the stream generation.
-------------------------------------------------
This small change seems enough to destroy the sliding property between resync and stream
generation, and it does not slow down the stream generation of LEX-256 compared to LEX-128. Another
solution would be to XOR in iteration counters, but that is less elegant and would give up to a 5-10%
slowdown.
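The following is an added example, not the LEX reference code or the author's implementation. It is a self-contained AES-128 in pure Python with a switch for the last round: the standard AES last round (no MixColumn, XOR with the last subkey), which the tweak uses for IV setup, and the AES' last round (MixColumn kept, no XOR with the last subkey) used for stream generation. It shows that the two functions agree on every intermediate state and diverge only in the final round, which is exactly the difference the tweak relies on. The function names (round_states, aes_prime, first_divergent_round) are this example's own; the known-answer vector is the FIPS-197 Appendix C.1 test.

```python
"""Full AES last round (tweaked LEX IV setup) versus the AES' last round
(LEX stream round function). Added illustration, not the LEX reference code."""


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def sub_bytes(s):
    return [SBOX[b] for b in s]


def shift_rows(s):
    # State is column-major: byte r + 4*c is row r, column c; row r rotates left by r.
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out


def expand_key(key):
    """AES-128 key schedule: 16-byte key -> 11 round keys of 16 bytes each."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord then SubWord
            t[0] ^= rcon
            rcon = gf_mul(rcon, 2)
        w.append(xor(w[i - 4], t))
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def round_states(key, block, full_aes):
    """Run the 10 rounds and return the state after each one.

    full_aes=True : standard AES last round (no MixColumn, XOR with subkey 10),
                    i.e. the tweaked IV setup.
    full_aes=False: AES' last round (MixColumn kept, no XOR with the last subkey),
                    i.e. the stream round function.
    """
    rks = expand_key(key)
    s = xor(list(block), rks[0])
    states = []
    for r in range(1, 11):
        s = shift_rows(sub_bytes(s))
        last = (r == 10)
        if not (last and full_aes):
            s = mix_columns(s)
        if not (last and not full_aes):
            s = xor(s, rks[r])
        states.append(s)
    return states


def aes_encrypt(key, block):
    """Full AES-128: the tweaked LEX IV setup."""
    return bytes(round_states(key, block, True)[-1])


def aes_prime(key, block):
    """AES' applied to one block: the LEX stream round function."""
    return bytes(round_states(key, block, False)[-1])


def first_divergent_round(key, block):
    """1-based round at which the AES and AES' state sequences first differ (None if never)."""
    a = round_states(key, block, True)
    b = round_states(key, block, False)
    for i, (x, y) in enumerate(zip(a, b), 1):
        if x != y:
            return i
    return None


if __name__ == "__main__":
    key = bytes(range(16))                                   # FIPS-197 C.1 key
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")   # FIPS-197 C.1 plaintext
    print("AES  :", aes_encrypt(key, pt).hex())
    print("AES' :", aes_prime(key, pt).hex())
    print("first divergent round:", first_divergent_round(key, pt))
```

Because rounds 1 to 9 are identical in both variants, the AES' output is simply MixColumn applied to the full AES output XORed with the last subkey; the only structural difference between the resync function and the stream round function is confined to that final round, which is what the tweak exploits to break the slide.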